An Optimization Approach for Effective Formalized fUML Model Checking
Islam E. Abdelhalim, Steve Schneider, Helen Treharne
University of Surrey
Agenda
• Introduction
• Background
• fUML formalization
• Behavioural consistency checking
• Formalization & model checking feedback
• Model optimization
• Compass
• Conclusion
Introduction
Semi-formal models, e.g. UML (class diagram, state diagram, activity diagram): popular due to their ease of use, but they can NOT be analyzed and verified.
Formal methods (mathematical rigour, formal language): can be analyzed and verified, but need mathematical knowledge.
Both sit in the same development life cycle: problem definition, requirements, analysis, system design, coding, testing.
Our target is to get the benefits of both in a practical way.
General approach
Semi-formal model (fUML) → Formalizer (MDE) → Formal model (CSP) → Model checker (FDR2) → Checking results → Modeller-friendly report generator → Modeller-friendly report
Context: existing formalization work
Semi-formal languages: UML, xUML, UML+OCL, UML Action Semantics, UML Profile
Formalizer: manual, automatic, MDE
Formal languages: ACP, mCRL2, Alloy, LOTOS, B, Z, CSP||B, Circus, …
What is new?!
fUML (Foundational Subset for Executable UML)
fUML is an OMG standard (version 1.0, February 2011). It acts as an intermediary between UML and the platform executable language: UML models → fUML subset → platform executable language. This allows code to be generated automatically from fUML models (or the model to be executed using a model interpreter).
The fUML subset is a modification of the UML2 standard (by merging, excluding, or constraining). The subset includes class diagrams and activity diagrams.
[Figure: fUML activity diagram sample]
Why fUML as a semi-formal language? It has formal operational and declarative semantics.
fUML negative points:
• Lack of CASE tools
• Lack of examples & books
• Leads to too detailed models
Formal language: CSP
CSP (Communicating Sequential Processes) is a modelling language that allows the description of systems of interacting processes using few language primitives. Operators used: prefix, input process, output process, external choice, internal choice, alphabetized parallel, hiding, "if" condition.
Model Driven Engineering (MDE)
Transformation rules, written against a source meta-model and a target meta-model, drive an MDE transformation tool that turns a source model into a target model.
1. fUML activity diagrams to CSP
Stage objective: an fUML activity diagram (represents the behaviour of …) is mapped by the mapping rules to a CSP process.
[Figure: mapping rules for signal instance, sender and receiver]
2. fUML inter-object communication mechanism to CSP
The event pool as a controlled buffer:
• Signals can be removed from any slot
• Signals are checked in chronological order
[Figure: an active object with its object activation (event pool holding S1, S2, S3; waiting event accepters) and its activity, whose token is at "Compare" (S2)]
3. Object creation and destruction to CSP
• Full support for dynamic object creation/destruction would give an unbounded model, which FDR2 cannot check.
• Hybrid approach instead: the modeller defines the maximum number of objects that will be created.
Problem definition
From the requirements, the modeller produces in the CASE tool both a non-executable model (UML state diagrams, abstract) and an executable model (fUML activity diagrams, concrete, used for the implementation). The two can drift apart: design inconsistency.
Formalization output
[Figure: formalization output for an fUML activity diagram and a UML state diagram]
Behavioural consistency checking
The formalized state diagram and the formalized activity diagram are fed to FDR2, which reports either consistent or inconsistent; in the latter case it returns a counter-example, e.g.:
<valueSpec.selfObj.FALSE, addStructFtrVal.selfObj.isCooking.FALSE, registerSignals.selfObj.rp1, inState.ST2, accept.selfObj.doorOpenedSignal, send.selfObj.heaterObj.stopHeaterSignal, registerSignals.selfObj.rp2, inState.ST1, accept.selfObj.doorClosedSignal, send.selfObj.heaterObj.stopHeaterSignal, registerSignals.selfObj.rp2, inState.ST2, accept.selfObj.doorClosedSignal>
Problem definition
• What if the input UML/fUML model contains issues that prevent it from being formalized?
• Will the modeller be able to understand FDR2 output?
UML sequence diagram generator
Counter-example + object-to-class mapping table → UML sequence diagram generator → Quick Sequence Diagram Editor
Model debugger
• Visualizing the counter-example as a UML sequence diagram was very helpful in the case of checking deadlock.
• However, it was not suitable when checking the behavioural consistency between the UML state diagram and the fUML activity diagram.
The model debugger instead resolves the counter-example through a CSP-to-UML/fUML mapping table and presents it to the modeller in the CASE tool (modeller view). Counter-example with NID suffixes:
• valueSpec.selfObj.FALSE.NID1,
• addStructFtrVal.selfObj.isCooking.FALSE.NID3,
• registerSignals.selfObj.rp1.NID5,
• accept.selfObj.doorOpenedSignal,
• inState.ST2,
• send.selfObj.heaterObj.stopHeaterSignal.NID8,
• registerSignals.selfObj.rp2.NID6,
• inState.ST1,
• accept.selfObj.doorClosedSignal,
• send.selfObj.heaterObj.stopHeaterSignal.NID8,
• registerSignals.selfObj.rp2.NID6, ...
Model optimization
Problem definition: state space explosion
The state space size of the formal model grows with:
• the number of active objects,
• the behavioural complexity of each object.
Optimization advisor
Scans the fUML model based on fUML-Opti-Rules and produces an optimization report.
Optimization advisor: fUML-Opti-Rule(2), detecting unacknowledged signals
Example report entry: the send signal action 'Send(FuelUnitDelivered)' needs to be acknowledged.
Implemented using the Epsilon Validation Language (EVL).
Optimization rules applicability
CSP-Opti-Rules are specialized optimization rules.
Model optimizer: CSP-Opti-Rule(2), removing abandoned events
The original model is deadlock free if and only if the optimized model is deadlock free (mathematically proved).
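The mechanics these slides rely on (an event pool scanned in chronological order with removal from any slot, the bound needed to keep the model finite, the state space growing with the number of active objects, and an abandoned-event rule that changes traces but not the deadlock verdict) can be seen in one small explicit-state explorer. This is an added example, not the authors' Model Formalizer, CSP, FDR2 or one of their proved rules: the controller/heater/lamp model, the POOL_CAPACITY bound and the remove_abandoned_sends function are all constructed for the illustration, and the example only checks that the deadlock verdict agrees on these constructed models.

```python
"""Toy explicit-state exploration of fUML-style active objects with event pools.
Constructed illustration: not the authors' Model Formalizer, CSP or FDR2, and
the model is invented. Accept follows the slide's rule: the pool is scanned in
chronological order and the first signal matching a waiting accepter is removed,
wherever it sits in the pool."""
from collections import deque

POOL_CAPACITY = 4  # bounded pools keep the state space finite (assumption)


class ActiveObject:
    """trans[local] = [(kind, payload, next_local)]: 'send' carries
    (receiver, signal), 'accept' a frozenset of signals, 'skip' nothing."""
    def __init__(self, name, trans, final):
        self.name, self.trans, self.final = name, trans, final


def enabled(objs, index, state):
    """Yield successor states; a state holds (local, pool_tuple) per object."""
    for i, obj in enumerate(objs):
        loc, pool = state[i]
        trans = obj.trans.get(loc, [])
        for kind, payload, nxt in trans:
            if kind == 'skip':
                yield state[:i] + ((nxt, pool),) + state[i + 1:]
            elif kind == 'send':
                rcv, sig = payload
                new = list(state)
                new[i] = (nxt, pool)                  # sender advances
                rloc, rpool = new[index[rcv]]         # also right for self-sends
                if len(rpool) < POOL_CAPACITY:        # a full pool blocks the send
                    new[index[rcv]] = (rloc, rpool + (sig,))
                    yield tuple(new)
        accepters = [(acc, nxt) for kind, acc, nxt in trans if kind == 'accept']
        for k, sig in enumerate(pool):                # chronological scan
            targets = [nxt for acc, nxt in accepters if sig in acc]
            if targets:
                for nxt in targets:                   # remove from any slot
                    yield state[:i] + ((nxt, pool[:k] + pool[k + 1:]),) + state[i + 1:]
                break                                 # only the earliest match fires


def explore(objs):
    """BFS over reachable states -> (state_count, deadlock_states). Deadlock:
    nothing enabled while some object is not in a final local state."""
    index = {o.name: i for i, o in enumerate(objs)}
    init = tuple((0, ()) for _ in objs)
    seen, queue, deadlocks = {init}, deque([init]), []
    while queue:
        s = queue.popleft()
        succ = list(enabled(objs, index, s))
        if not succ and any(loc not in o.final for o, (loc, _) in zip(objs, s)):
            deadlocks.append(s)
        for t in succ:
            if t not in seen:
                seen.add(t)
                queue.append(t)
    return len(seen), deadlocks


def remove_abandoned_sends(objs):
    """Constructed analogue of an 'abandoned event' rule: a signal no object ever
    accepts cannot enable anything, so its send becomes an internal step. Traces
    lose the send event (not semantics-preserving); only deadlock is the target."""
    accepted = {s for o in objs for ts in o.trans.values()
                for kind, acc, _ in ts if kind == 'accept' for s in acc}
    return [ActiveObject(o.name, {loc: [('skip', None, nxt) if k == 'send' and p[1] not in accepted
                                         else (k, p, nxt) for k, p, nxt in ts]
                                  for loc, ts in o.trans.items()}, o.final) for o in objs]


def oven_model(stuck=False):
    """Constructed controller/heater/lamp model (not the paper's case study).
    'logEntry' is never accepted (abandoned). stuck=True makes the heater wait
    for a signal nobody sends: a genuine deadlock."""
    A = frozenset
    ctrl = ActiveObject('ctrl', {
        0: [('send', ('heater', 'startHeater'), 1)], 1: [('send', ('lamp', 'lampOn'), 2)],
        2: [('accept', A({'heaterStarted'}), 3)], 3: [('accept', A({'lampReady'}), 4)],
        4: [('send', ('heater', 'stopHeater'), 5)], 5: [('send', ('lamp', 'lampOff'), 6)]}, {6})
    heater = ActiveObject('heater', {
        0: [('accept', A({'startHeater'}), 1)], 1: [('send', ('ctrl', 'logEntry'), 2)],
        2: [('send', ('ctrl', 'heaterStarted'), 3)],
        3: [('accept', A({'resetHeater' if stuck else 'stopHeater'}), 4)]}, {4})
    lamp = ActiveObject('lamp', {
        0: [('accept', A({'lampOn'}), 1)], 1: [('send', ('ctrl', 'logEntry'), 2)],
        2: [('send', ('ctrl', 'lampReady'), 3)], 3: [('accept', A({'lampOff'}), 4)]}, {4})
    return [ctrl, heater, lamp]


def replicate(k):
    """k non-interacting copies: state count grows multiplicatively with objects."""
    objs = []
    for n in range(k):
        for o in oven_model():
            trans = {loc: [(kd, (f'{p[0]}{n}', p[1]) if kd == 'send' else p, nxt)
                           for kd, p, nxt in ts] for loc, ts in o.trans.items()}
            objs.append(ActiveObject(f'{o.name}{n}', trans, o.final))
    return objs


if __name__ == '__main__':
    for label, model in (('consistent', oven_model()), ('stuck heater', oven_model(stuck=True))):
        n, d = explore(model)
        n_opt, d_opt = explore(remove_abandoned_sends(model))
        print(f'{label}: {n} states, {len(d)} deadlock(s); optimized: {n_opt} states, {len(d_opt)} deadlock(s)')
    for k in (1, 2):
        print(f'{k} copy(ies) of the model: {explore(replicate(k))[0]} states')
```

The two logEntry signals reach the controller's pool in either order, so the unoptimized model has states that differ only in the arrangement of events nobody will ever consume; dropping those sends merges them while the stuck heater is still reported in both versions. The POOL_CAPACITY bound is the toy counterpart of the "maximum number of objects" the modeller must fix: it is what makes exploration finite, and any deadlock caused purely by a full pool would be an artifact of that bound rather than of the fUML model, which is why the bound has to be chosen with the model's actual traffic in mind.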
Optimization effect on the GSS case study
The GSS fUML model consists of 9 active objects communicating asynchronously.
[Figure: optimization results for the GSS model]
Compass
Plugin to MagicDraw
Conclusions
• Targeted, specialised optimization with respect to a specific property enables significant gains in automated analysis.
• We have demonstrated this for deadlock: opti-rules are not semantics-preserving, but they are deadlock-preserving.
• Feedback to the modeller is an important aspect.
• We have provided tool support as a plug-in to MagicDraw.
Further work
• Extending the Model Formalizer
• Support additional properties to check
• Use another model checker
• Further optimization rules
• Support more semi-formal languages (for example SysML or UPDM)